mod_jk is dead. Long live mod_proxy_ajp

It appears that there is *yet another* change coming to the recommended way to connect Tomcat to Apache. I've tried mod_proxy, mod_webapp, mod_jk and mod_jk2 - well it appears that the new direction is mod_proxy_ajp.

mod_proxy allows Apache to proxy requests to other systems. Before Apache 2.2 it would only work with FTP and HTTP, but now it handles AJP too.

So before Apache 2.2 you could rule out mod_webapp (easy to configure, but obsolete) and mod_jk2 (unsupported and fallen behind mod_jk v1!) and your choice was mod_proxy (easy to get working but easy to create a security hole) or mod_jk (harder to configure but generally better).

If you can avoid the security hazards, it looks like mod_proxy_ajp may soon be a better option from Apache 2.2 and on. Either that or it’s just going to be another way to confuse everyone.

The next change I expect is that someone equipped with GCJ is going to come up with mod_tomcat - just compile the whole thing as an Apache module and forget all this connector nonsense!

Does anyone have experience of how mod_proxy_ajp performs?

Update: For more information on picking a connector you might want to consider:

Tags :
Responses[11] RSS feed for responses to this blog entry
Posted by Joe Walker on 01 February 2006 08:18:35 GMT #


Reply

Re: mod_jk is dead. Long live mod_proxy_ajp

Comment from Mikael Gueck on 01 February 2006 08:22:10 GMT #
In my use, it performs segfaultingly well. Perhaps 2.2.1 will fix this.
Reply

Re: mod_jk is dead. Long live mod_proxy_ajp

Comment from Rob Sanheim on 01 February 2006 09:03:39 GMT #
Just what we need, another way to hook up apache and tomcat to confuse new developers. I can hear the mailing lists crying out already...
Reply

Re: mod_jk is dead. Long live mod_proxy_ajp

Comment from Anonymous on 01 February 2006 12:01:55 GMT #
Do any of them actually WORK tho? Why can't the ASF get its shit in gear and deprecate the ones that don't, and move forward with a single solution?
Reply

Re: mod_jk is dead. Long live mod_proxy_ajp

Comment from Julien Dubois on 01 February 2006 22:56:26 GMT #
One comment on mod_jk2 : I was tonight at the Paris JBoss User Group, and the support guy from JBoss said NOT to use mod_jk2 at all, as it's causing lots of errors which are very diffcult to track. So the recommanded module (from the JBoss support) is mod_jk 1.2. The guy also told me there would be a mod_jk 1.3, which is in fact mod_jk 3...... I'm the one who wrote the "configuring mod_jk2" page on the JBoss wiki, a couple of years ago. At that time things looked a lot easier :-))
Reply

Re: mod_jk is dead. Long live mod_proxy_ajp

Comment from Norman Richards on 02 February 2006 01:34:36 GMT #
I think the solution here is JBossWeb. It's a combination of apache and tomcat that should offer some relief from the mod_jk/proxy/whatever mess.
Reply

Re: mod_jk is dead. Long live mod_proxy_ajp

Comment from Anonymous on 06 March 2006 15:45:23 GMT #
I have found mod_proxy_ajp easier to work with than mod_jk and mod_jk2. I haven't notice any significant performance difference. For me the ease of use of mod_proxy_ajp makes it my preferred method, but I have run into other problems that will force me to reconsider it's use.
Reply

Re: mod_jk is dead. Long live mod_proxy_ajp

Comment from Anonymous on 11 March 2006 17:28:19 GMT #
What are the "other problems" you have ran into that are making you reconsider it's use?
Reply

Re: mod_jk is dead. Long live mod_proxy_ajp

Comment from Chris on 16 March 2007 20:40:19 GMT #
I've run into issues with the following errors turning up in the log file: [Fri Mar 16 13:28:45 2007] [error] (70007)The timeout specified has expired: ajp_ilink_receive() can't receive header [Fri Mar 16 13:28:45 2007] [error] ajp_read_header: ajp_ilink_receive failed [Fri Mar 16 13:28:45 2007] [error] (120006)APR does not understand this error code: proxy: read response failed from 139.142.185.229:8009 (139.142.185.229) What ends up happening very intermittently is that a user gets to the checkout page (https) and when they hit the submit order button they get a blank page and the above error message is written into the apache logs. I don't know why it happens. I was unable to get mod_jk to work properly with apache 2.2.3 and mod_proxy_ajp was so easy to set up. If I could figure out why I intermittently get the error it would be aweseome!
Reply

Re: mod_jk is dead. Long live mod_proxy_ajp

Comment from adobni on 05 March 2007 15:18:11 GMT #
Does mod_proxy_ajp allows to pass the client certificate to the tomcat app? this is a source of pain with mod_jk 1.x/2.x and mod_proxy doesn't supports it.
Reply

Re: mod_jk is dead. Long live mod_proxy_ajp

Comment from Apache and Tomcat on 07 March 2007 14:58:10 GMT #
You can also use mod_proxy_http.
Reply

Re: mod_jk is dead. Long live mod_proxy_ajp

Comment from Vlad on 12 November 2007 14:41:36 GMT #
Hi Joe, Why do you think mod_proxy is less secure than mod_jk? You said about mod_proxy: "easy to create a security hole". Best, Vlad

Add a comment Send a TrackBack